What is the correct way to log out after OAuth?

I have integrated Zoom OAuth in the macOS app (with the Zoom Meeting SDK).

The app redirects the user to the browser, and the browser redirects the user back to the application if the auth succeeds.

But I have a question about logout: what is the correct way to log out?

There are two endpoints:

  1. POST: https://zoom.us/oauth/revoke
    The account in the browser is still active after this request, and the user isn't shown Zoom's OAuth ways page (Google, FB, etc.); they are just signed in automatically.
  2. DELETE: https://api.zoom.us/v2/users/{userId}/token
    The user is shown Zoom's OAuth ways page (Google, FB, etc.) even after reauth (and that's what I want), BUT this request initiates logout from ALL clients where I was logged in.

Maybe there is one more way to logout?

PS: First I asked the question in the #meeting-sdk category, but I was advised to re-ask it here.

The main problem for me for now is that after using the https://zoom.us/oauth/revoke endpoint, if I want to sign in again, the browser makes an "auto login". I mean the browser redirects me to the app without Zoom's OAuth ways page (Google, FB, etc.) and without the page where I can select an account.

How can I reach the behavior where, after the revoke request, I won't have "auto login" with the last logged-in user in my browser?

macOS Monterey Version 12.1
Safari Version 15.2 (17612.

Hi, are there any updates about the Zoom logout method?

Hi, are there any updates about this question?


After you revoke an OAuth token, everything restarts from scratch. The user will have to sign in again.

@donte.zoom Hi, thank you for the answer!
Could you please confirm that the revoke API method should log out the current user from the browser too,
and that after revoking there should not be an auto-login effect?

For example, I mean a user who has used Gmail to enter.

Thank you!

Correct, @anton.yereshchenko!
There should not be an auto-login effect after revoking; the user will have to authenticate your app to use it again. You can test this edge case by adding a user, then revoking their access token.